hi all,
i''m trying to understand how networking works on xen, but the firewall
is
messing the setup and i don''t know why (it shouldn''t block
connections of
the virtual interfaces!)..
i''ve the following setup: suse 10.2 with 2 network interfaces, the
first one
remains untouched by xen and is used only by the server itself -no problem-.
the second one runs on another network and is managed by xen. the second
interface doesn''t work when the firewall is activated and server and
virual-server can''t see each other. none of them can connect to any
other
hosts of this second network.
bridge is up and running:
# brctl show xenbr1
bridge name bridge id STP enabled interfaces
xenbr1 8000.feffffffffff no vif0.1
peth1
vif1.0
everything seems to be correct, interfaces are:
eth0 - network 1 - xen doesn''t use it, works well
eth1 - network 2 - xen manages it, does not work when firewall is enabled
peth1
vif0.1 - eth1 on server
vif1.0 - eth0 on virtual server
xenbr1
lo
what''s what i''m missing about xen networking? the server
firewall should
only block connections directed to him, but not those of the virtual server,
is it right? i have tried to put this interface on the internal zone (no
port is blocked) and doen''t work, i''ve activated forwarding,
doesn''t work..
only when the firewall is stopped everything works fine..
any help would be appreciated!
regards
jorge
_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users
Run this
sysctl -w net.bridge.bridge-nf-call-iptables="0"
then try your firewall again
Ian
Tidyhosts UK - Server & Web Specialists
This email and its attachments are scanned by TidyHosts UK. All emails
and attachments should also be scanned by the recipient. TidyHosts UK
accept no responsibility for any damage caused by any virus attached to
this email. This email is confidential and is intended only for the
addressee(s). Information copied from it is prohibited unless clearly
stated by TidyHosts UK. If you have received this email in error please
reply to the sender.
From: xen-users-bounces@lists.xensource.com
[mailto:xen-users-bounces@lists.xensource.com] On Behalf Of zuaago
Sent: 15 July 2007 23:26
To: xen-users@lists.xensource.com
Subject: [Xen-users] firewall messing xen setup
hi all,
i''m trying to understand how networking works on xen, but the firewall
is messing the setup and i don''t know why (it shouldn''t block
connections of the virtual interfaces!)..
i''ve the following setup: suse 10.2 with 2 network interfaces, the
first
one remains untouched by xen and is used only by the server itself -no
problem-. the second one runs on another network and is managed by xen.
the second interface doesn''t work when the firewall is activated and
server and virual-server can''t see each other. none of them can connect
to any other hosts of this second network.
bridge is up and running:
# brctl show xenbr1
bridge name bridge id STP enabled interfaces
xenbr1 8000.feffffffffff no vif0.1
peth1
vif1.0
everything seems to be correct, interfaces are:
eth0 - network 1 - xen doesn''t use it, works well
eth1 - network 2 - xen manages it, does not work when firewall is
enabled
peth1
vif0.1 - eth1 on server
vif1.0 - eth0 on virtual server
xenbr1
lo
what''s what i''m missing about xen networking? the server
firewall should
only block connections directed to him, but not those of the virtual
server, is it right? i have tried to put this interface on the internal
zone (no port is blocked) and doen''t work, i''ve activated
forwarding,
doesn''t work.. only when the firewall is stopped everything works
fine..
any help would be appreciated!
regards
jorge
_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users
now everything works, great! thank you very very much ian! regards jorge 2007/7/16, Ian Tobin <itobin@tidyhosts.com>:> > > > > Run this > > > > sysctl -w net.bridge.bridge-nf-call-iptables="0" > > > > then try your firewall again > > > > Ian > > > > Tidyhosts UK - Server & Web Specialists > > > > This email and its attachments are scanned by TidyHosts UK. All emails and attachments should also be scanned by the recipient. TidyHosts UK accept no responsibility for any damage caused by any virus attached to this email. This email is confidential and is intended only for the addressee(s). Information copied from it is prohibited unless clearly stated by TidyHosts UK. If you have received this email in error please reply to the sender. > > > > > From: xen-users-bounces@lists.xensource.com [mailto:xen-users-bounces@lists.xensource.com] On Behalf Of zuaago > Sent: 15 July 2007 23:26 > To: xen-users@lists.xensource.com > Subject: [Xen-users] firewall messing xen setup > > > > > hi all, > > i''m trying to understand how networking works on xen, but the firewall is messing the setup and i don''t know why (it shouldn''t block connections of the virtual interfaces!).. > > i''ve the following setup: suse 10.2 with 2 network interfaces, the first one remains untouched by xen and is used only by the server itself -no problem-. the second one runs on another network and is managed by xen. the second interface doesn''t work when the firewall is activated and server and virual-server can''t see each other. none of them can connect to any other hosts of this second network. > > bridge is up and running: > > # brctl show xenbr1 > bridge name bridge id STP enabled interfaces > xenbr1 8000.feffffffffff no vif0.1 > peth1 > vif1.0 > > everything seems to be correct, interfaces are: > > eth0 - network 1 - xen doesn''t use it, works well > eth1 - network 2 - xen manages it, does not work when firewall is enabled > peth1 > vif0.1 - eth1 on server > vif1.0 - eth0 on virtual server > xenbr1 > lo > > what''s what i''m missing about xen networking? the server firewall should only block connections directed to him, but not those of the virtual server, is it right? i have tried to put this interface on the internal zone (no port is blocked) and doen''t work, i''ve activated forwarding, doesn''t work.. only when the firewall is stopped everything works fine.. > any help would be appreciated! > > regards > > jorge > > > > > > > > >_______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Glad it works, you will need to add it as part of your firewall script at the top in case you reboot the server. thanks Tidyhosts UK - Server & Web Specialists This email and its attachments are scanned by TidyHosts UK. All emails and attachments should also be scanned by the recipient. TidyHosts UK accept no responsibility for any damage caused by any virus attached to this email. This email is confidential and is intended only for the addressee(s). Information copied from it is prohibited unless clearly stated by TidyHosts UK. If you have received this email in error please reply to the sender. -----Original Message----- From: zuaago [mailto:zuaago@gmail.com] Sent: 16 July 2007 12:40 To: Ian Tobin; xen-users@lists.xensource.com Subject: Re: [Xen-users] firewall messing xen setup now everything works, great! thank you very very much ian! regards jorge 2007/7/16, Ian Tobin <itobin@tidyhosts.com>:> > > > > Run this > > > > sysctl -w net.bridge.bridge-nf-call-iptables="0" > > > > then try your firewall again > > > > Ian > > > > Tidyhosts UK - Server & Web Specialists > > > > This email and its attachments are scanned by TidyHosts UK. All emails and attachments should also be scanned by the recipient. TidyHosts UK accept no responsibility for any damage caused by any virus attached to this email. This email is confidential and is intended only for the addressee(s). Information copied from it is prohibited unless clearly stated by TidyHosts UK. If you have received this email in error please reply to the sender. > > > > > From: xen-users-bounces@lists.xensource.com [mailto:xen-users-bounces@lists.xensource.com] On Behalf Of zuaago > Sent: 15 July 2007 23:26 > To: xen-users@lists.xensource.com > Subject: [Xen-users] firewall messing xen setup > > > > > hi all, > > i''m trying to understand how networking works on xen, but the firewall is messing the setup and i don''t know why (it shouldn''t block connections of the virtual interfaces!).. > > i''ve the following setup: suse 10.2 with 2 network interfaces, the first one remains untouched by xen and is used only by the server itself -no problem-. the second one runs on another network and is managed by xen. the second interface doesn''t work when the firewall is activated and server and virual-server can''t see each other. none of them can connect to any other hosts of this second network. > > bridge is up and running: > > # brctl show xenbr1 > bridge name bridge id STP enabled interfaces > xenbr1 8000.feffffffffff no vif0.1 > peth1 > vif1.0 > > everything seems to be correct, interfaces are: > > eth0 - network 1 - xen doesn''t use it, works well > eth1 - network 2 - xen manages it, does not work when firewall is enabled > peth1 > vif0.1 - eth1 on server > vif1.0 - eth0 on virtual server > xenbr1 > lo > > what''s what i''m missing about xen networking? the server firewall should only block connections directed to him, but not those of the virtual server, is it right? i have tried to put this interface on the internal zone (no port is blocked) and doen''t work, i''ve activated forwarding, doesn''t work.. only when the firewall is stopped everything works fine.. > any help would be appreciated! > > regards > > jorge > > > > > > > > >_______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users